summaryrefslogtreecommitdiff
path: root/patches/source/gnutls/gnutls-2.8.6_CVE-2014-3469.diff
diff options
context:
space:
mode:
Diffstat (limited to 'patches/source/gnutls/gnutls-2.8.6_CVE-2014-3469.diff')
-rw-r--r--patches/source/gnutls/gnutls-2.8.6_CVE-2014-3469.diff122
1 files changed, 122 insertions, 0 deletions
diff --git a/patches/source/gnutls/gnutls-2.8.6_CVE-2014-3469.diff b/patches/source/gnutls/gnutls-2.8.6_CVE-2014-3469.diff
new file mode 100644
index 00000000..37b97c74
--- /dev/null
+++ b/patches/source/gnutls/gnutls-2.8.6_CVE-2014-3469.diff
@@ -0,0 +1,122 @@
+From b2477c9d1d2b550abade87651382880d370d2803 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@zoho.com>
+Date: Mon, 2 Jun 2014
+Subject: CVE-2014-3469
+
+This is a backport adaptation for use with GnuTLS 2.8.6.
+
+Relevant upstream commit(s):
+-------------------------
+http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=a8b3e14f84174e
+http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=3d6a02f19ff15a
+http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=53958290ab731c
+
+---
+ lib/minitasn1/decoding.c | 11 ++++++++---
+ lib/minitasn1/element.c | 27 ++++++++++++++++++---------
+ 2 files changed, 26 insertions(+), 12 deletions(-)
+
+--- a/lib/minitasn1/decoding.c
++++ b/lib/minitasn1/decoding.c
+@@ -215,7 +215,6 @@ asn1_get_octet_der (const unsigned char
+ if (der_len <= 0)
+ return ASN1_GENERIC_ERROR;
+
+- /* if(str==NULL) return ASN1_SUCCESS; */
+ *str_len = asn1_get_length_der (der, der_len, &len_len);
+
+ if (*str_len < 0)
+@@ -223,7 +222,10 @@ asn1_get_octet_der (const unsigned char
+
+ *ret_len = *str_len + len_len;
+ if (str_size >= *str_len)
+- memcpy (str, der + len_len, *str_len);
++ {
++ if (*str_len > 0 && str != NULL)
++ memcpy (str, der + len_len, *str_len);
++ }
+ else
+ {
+ return ASN1_MEM_ERROR;
+@@ -350,7 +352,10 @@ asn1_get_bit_der (const unsigned char *d
+ return ASN1_DER_ERROR;
+
+ if (str_size >= len_byte)
+- memcpy (str, der + len_len + 1, len_byte);
++ {
++ if (len_byte > 0 && str)
++ memcpy (str, der + len_len + 1, len_byte);
++ }
+ else
+ {
+ return ASN1_MEM_ERROR;
+--- a/lib/minitasn1/element.c
++++ b/lib/minitasn1/element.c
+@@ -113,8 +113,11 @@ _asn1_convert_integer (const unsigned ch
+ /* VALUE_OUT is too short to contain the value conversion */
+ return ASN1_MEM_ERROR;
+
+- for (k2 = k; k2 < SIZEOF_UNSIGNED_LONG_INT; k2++)
+- value_out[k2 - k] = val[k2];
++ if (value_out != NULL)
++ {
++ for (k2 = k; k2 < SIZEOF_UNSIGNED_LONG_INT; k2++)
++ value_out[k2 - k] = val[k2];
++ }
+
+ #if 0
+ printf ("_asn1_convert_integer: valueIn=%s, lenOut=%d", value, *len);
+@@ -623,7 +626,8 @@ asn1_write_value (asn1_node node_root, c
+ if (ptr_size < data_size) { \
+ return ASN1_MEM_ERROR; \
+ } else { \
+- memcpy( ptr, data, data_size); \
++ if (ptr && data_size > 0) \
++ memcpy( ptr, data, data_size); \
+ }
+
+ #define PUT_STR_VALUE( ptr, ptr_size, data) \
+@@ -632,16 +626,19 @@ asn1_write_value (asn1_node node_root, c
+ return ASN1_MEM_ERROR; \
+ } else { \
+ /* this strcpy is checked */ \
+- strcpy(ptr, data); \
++ if (ptr) { \
++ strcpy(ptr, data); \
++ } \
+ }
+
+ #define ADD_STR_VALUE( ptr, ptr_size, data) \
+- *len = (int) strlen(data) + 1; \
+- if (ptr_size < (int) strlen(ptr)+(*len)) { \
++ *len += strlen(data); \
++ if (ptr_size < (int) *len) { \
++ (*len)++; \
+ return ASN1_MEM_ERROR; \
+ } else { \
+ /* this strcat is checked */ \
+- strcat(ptr, data); \
++ if (ptr) strcat (ptr, data); \
+ }
+
+ /**
+@@ -803,7 +810,9 @@ asn1_read_value (asn1_node root, const c
+ case TYPE_OBJECT_ID:
+ if (node->type & CONST_ASSIGN)
+ {
+- value[0] = 0;
++ *len = 0;
++ if (value)
++ value[0] = 0;
+ p = node->down;
+ while (p)
+ {
+@@ -817,7 +826,7 @@ asn1_read_value (asn1_node root, const c
+ }
+ p = p->right;
+ }
+- *len = strlen (value) + 1;
++ (*len)++;
+ }
+ else if ((node->type & CONST_DEFAULT) && (node->value == NULL))
+ {